What is LawBrain?
It's a living legal community making laws accessible and interactive. Click Here to get Started »

Difference between revisions of "Health Information Technology for Economic and Clinical Health Act (HITECH)"

From lawbrain.com

m
Line 1: Line 1:
HITECH is a U.S. law that requires data breach notice of unauthorized use or disclosure of unencrypted personal health information.<br>  
+
HITECH is a U.S. law that requires data breach notice of unauthorized use or disclosure of unencrypted personal health information.<br>
  
{{stub}}  
+
{{stub}}<br>
  
 
== Overview  ==
 
== Overview  ==
  
The Health Information Technology for Economic and Clinical Health Act (HITECH)<ref>http://hdl.loc.gov/loc.uscongress/legislation.111hr1</ref> is part of the [[American Recovery and Reinvestment Act of 2009 (ARRA)]]. HITECH broadens the scope of privacy and security protections already available under HIPAA. This law also increases the potential legal liability for non-compliance and provides for more enforcement. HITECH requires data breach notification for unauthorized uses and disclosures of "unsecured PHI" (unencrypted personal health information). These breach notification requirements are similar to most state data breach laws related to personally identifiable information. For those health providers with an electronic health record (EHR) system in place, patients have a right to access their electronic personal health information (ePHI). The patient can also have their records be sent to a third-party for a fee that is equal to the labor cost to produce. Additioanlly, HITECH has changed it so that business associates (e.g. accounting firms, billing agencies, law firms) of those organizations subject to HIPAA (e.g. health care providers, pharmacies) are now subject to the same data privacy and security requirements, including the civil and criminal penalities, as those HIPAA-regulated organizations they work with.  
+
The Health Information Technology for Economic and Clinical Health Act (HITECH)<ref>http://hdl.loc.gov/loc.uscongress/legislation.111hr1</ref> is part of the [[American Recovery and Reinvestment Act of 2009 (ARRA)]]. HITECH broadens the scope of privacy and security protections already available under HIPAA. This law also increases the potential legal liability for non-compliance and provides for more enforcement. HITECH requires data breach notification for unauthorized uses and disclosures of "unsecured PHI" (unencrypted personal health information). These breach notification requirements are similar to most state data breach laws related to personally identifiable information. For those health providers with an electronic health record (EHR) system in place, patients have a right to access their electronic personal health information (ePHI). The patient can also have their records be sent to a third-party for a fee that is equal to the labor cost to produce. Additioanlly, HITECH has changed it so that business associates (e.g. accounting firms, billing agencies, law firms) of those organizations subject to HIPAA (e.g. health care providers, pharmacies) are now subject to the same data privacy and security requirements, including the civil and criminal penalities, as those HIPAA-regulated organizations they work with.
  
 
== References  ==
 
== References  ==
  
<references />  
+
<references />
  
 
== External Links  ==
 
== External Links  ==
Line 21: Line 21:
 
== Related Blogs on FindLaw  ==
 
== Related Blogs on FindLaw  ==
  
<rss>http://search.yahooapis.com/WebSearchService/rss/webSearch.xml?appid=yahoosearchwebrss&query=health%20information%20HITECH%20Act:blogs.findlaw.com|max=5</rss> <br> <!-- Begin Yahoo Web Services HTML Attribution Snippet -->&nbsp;&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [http://www.developer.yahoo.com Web Services by Yahoo!] <!-- End Yahoo Web Services HTML Attribution Snippet -->  
+
<rss>http://search.yahooapis.com/WebSearchService/rss/webSearch.xml?appid=yahoosearchwebrss&query=health%20information%20HITECH%20Act:blogs.findlaw.com|max=5</rss> <br> <!-- Begin Yahoo Web Services HTML Attribution Snippet -->&nbsp;&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [http://www.developer.yahoo.com Web Services by Yahoo!] <!-- End Yahoo Web Services HTML Attribution Snippet -->
  
 
== See Also  ==
 
== See Also  ==
  
*[[Health Insurance Portability and Accountability Act (HIPAA)]]  
+
*[[Health Insurance Portability and Accountability Act (HIPAA)]]
*[[U.S. Privacy Law]]  
+
*[[U.S. Privacy Law]]
 
*[[American Recovery and Reinvestment Act of 2009 (ARRA)]]
 
*[[American Recovery and Reinvestment Act of 2009 (ARRA)]]
  

Revision as of 10:19, 28 May 2010

HITECH is a U.S. law that requires data breach notice of unauthorized use or disclosure of unencrypted personal health information.

  • This LawBrain entry is a stub. Please help us expand it! Click the 'Edit' tab above to add to this page.

Contents

Overview

The Health Information Technology for Economic and Clinical Health Act (HITECH)[1] is part of the American Recovery and Reinvestment Act of 2009 (ARRA). HITECH broadens the scope of privacy and security protections already available under HIPAA. This law also increases the potential legal liability for non-compliance and provides for more enforcement. HITECH requires data breach notification for unauthorized uses and disclosures of "unsecured PHI" (unencrypted personal health information). These breach notification requirements are similar to most state data breach laws related to personally identifiable information. For those health providers with an electronic health record (EHR) system in place, patients have a right to access their electronic personal health information (ePHI). The patient can also have their records be sent to a third-party for a fee that is equal to the labor cost to produce. Additioanlly, HITECH has changed it so that business associates (e.g. accounting firms, billing agencies, law firms) of those organizations subject to HIPAA (e.g. health care providers, pharmacies) are now subject to the same data privacy and security requirements, including the civil and criminal penalities, as those HIPAA-regulated organizations they work with.

References

  1. http://hdl.loc.gov/loc.uscongress/legislation.111hr1

External Links

Related Resources on FindLaw

Related Blogs on FindLaw

Failed to load RSS feed from http://search.yahooapis.com/WebSearchService/rss/webSearch.xml?appid=yahoosearchwebrss&query=health%20information%20HITECH%20Act:blogs.findlaw.com!

                                                                            Web Services by Yahoo!

See Also

Contributors

FindLaw Michelle, FindLaw Nira, Sfitzpatrick